2 parts: Find Files vs Dir /s /a ; How to store "find files" results in a file

So, I was playing around with finding files on a computer. I found several threads and have a basic idea, but I feel certain aspects were unanswered:

  1. Is there a difference between dir /a /s (action) and find files (relevance)? Does find files look into all temp/system/hidden files?
  2. The second question may be silly, but how do we store the results of “find files” to a text file locally or to a share?

Thanks.

### Part 2:
You should be able to store the results of any command that would normally be printed to the terminal by using redirection.

wait dir > test.txt

The above would store the output of the dir command in test.txt in the current working directory.

What is your use case for searching the system for a file?

In general this is a bad idea. If used in relevance, it should have an extremely narrow scope (search only 1 folder). If it is used in ActionScript, it can be a bit more broad because you can make it happen only once, but even then it isn’t a great idea.


### Partial answer to Part 1:
You can use both relevance and commands in an Action to do queries of the system, but you can only run relevance (which is read only) on a system outside of an Action or through relevance substitution.

For some reason I get this error while storing results via ‘>’.

So, for example:
(pathnames of it, size of it) of find files “sidtest.exe” of (descendant folders of folder “c:”) > sidtest.txt

This is giving me a singular expression error; I even tried ‘>>’ but that doesn’t work either. Any suggestions?

Use case: Yes, you are right; I do want to leverage this in certain folders only. I want to search for certain malicious exes or their SHAs in certain folders where I know for sure that they get stored.

As for running a relevance within an action, I have been testing them first in the Fixlet Debugger, and it always fails when I try to run a relevance within the action tab. Is this an issue only with the debugger?

Did some more testing for STORING RESULTS of “find files”.

Now, as an action I am able to execute:
wait { (find file “test.txt” of folder …)}
I was not using the wait command before.

BUT even now, no matter whether I use “>>” or “>”, I am unable to store the results of the command to a file.

This actually shouldn’t work. We don’t redirect standard out in these calls to the OS. If you did that in a batch/shell file then you could do that, of course, as the shell will do it for you.


This has worked for me, but maybe it is because I’m doing the following:

wait cmd dir > text.txt

Your issue is that you’re trying to put the results of relevance in a file. That requires a different method.

If you are doing a command, you can redirect it to a file:

wait cmd find files "blah" > text.txt

but for relevance substitution, you have to put the results of that relevance into the file in the first place using either the Create File command, or Append File.

createfile until END_OF_FILE
{ (find file "test.txt" of folder ....) }
END_OF_FILE

Remember, relevance substitution is not a command; it is a query that usually results in text output, but unless that output is a file path, it won’t do anything if you try to run it using wait. And if you are finding malware and then putting that path into a wait statement, that would mean you’re running the malware as root/SYSTEM, which is definitely not what you are trying to do.

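Pulling the two methods from the answer above into one complete action script, as an added example that is not code from any post in this thread. The search folder C:\Temp and the output file names are assumed placeholders; the relevance is kept to a single folder, and the paths found are only ever written to a file, never passed to wait.

```bigfix
// Added example (not from this thread): store "find files" results from a BigFix action.
// Assumed values: C:\Temp and the two output file names are placeholders.

// 1) Relevance results -> file. A { } substitution must evaluate to one string, so a
//    plural result (pathnames of files of ...) raises the "singular expression" error.
//    Join the results into one string first; one line per file as path,sha1.
delete __createfile
createfile until END_OF_FILE
pathname,sha1
{concatenation "%0d%0a" of ((pathname of it) & "," & (sha1 of it)) of files whose (name of it as lowercase ends with ".exe") of folder "C:\Temp"}
END_OF_FILE
delete "C:\Temp\find_results.txt"
move __createfile "C:\Temp\find_results.txt"

// 2) Command output -> file. The client does not redirect stdout itself, so redirection
//    only works when cmd.exe is parsing the line (a bare "wait dir > file" will not).
delete "C:\Temp\dir_results.txt"
waithidden cmd.exe /C dir /a /s /b "C:\Temp\*.exe" > "C:\Temp\dir_results.txt" 2>&1

// 3) Fail the action if cmd.exe returned non-zero (for example, folder not found)
//    instead of silently continuing with an empty dir_results.txt.
continue if {exit code of action = 0}
```

Because the substitution is evaluated once when the action runs, the relevance does not re-evaluate on the client the way an analysis property would.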

Excellent point about running the malware as SYSTEM. I appreciate the advice. Yes, my goal will be to find the file path and SHA values if anything. I guess in the past 1 hour I learnt more than I did in 1 month because of this generous and interactive forum. I will update this section after some more tests.


Found a better solution than what I had: Analysis. I apologize if I slightly deviated from the topic, but I was super excited :smile:

Running the relevance as an analysis PROPERTY will give me its complete details within the computer’s properties without having to store/read/download files.

Once I know that the analysis is done, I can shut it down globally too. Do you guys perceive any issues with running an analysis for every single relevance whose results I may want to see? Especially when I am trying to store or view the results.

An analysis is fine for getting specific results of specific files, or if you run a command and output the results to a log, then read that log with the analysis. It is a bad idea to actually perform the find files function using relevance in an analysis property because it will run multiple times on a client and potentially stall the client while it is running and timeout.

You can tell an analysis property to only run once every 30 days or something similar, and that will help lower the impact.

I use analyses and analysis properties for lots and lots of things, but this is one I would recommend being careful with.

You can find many analysis examples here: http://bigfix.me/


See related posts:

You don’t need to use only relevance to search for the file if you are doing it through an action/fixlet/task. In that case you can use a dos command, or a script, or a program.

Using something other than relevance will help prevent the error you mention here:

Have you reviewed this thread …

@TimRice
Thank you for this. My searching skills were not good enough to go through this :wink:
Will test and update the thread; I personally prefer direct cmd line function calls rather than depending on find files.
@jgstew and @jmaple have also helped me with executing multiple commands in cmd in other threads. Will leverage those thoughts into my final task.

Thank you guys for such contributions.

@TimRice, one quick question. I did some more tests; did you guys ever face issues with the Fixlet Debugger?
I wrote a simple set of commands; the file gets created; the move to test.cmd works perfectly.

Now when I execute it, 80% of the time I get exit code 1 and then results.txt DOESN’T get created (throwing dir output to results.txt).

If I evaluate the same actions several times, it does get created sometimes. Or if I go to test.cmd and manually run it, boom! results.txt gets created in a second.

Anything similar you guys may have faced?

I have to admit I don’t use the Debugger to check Action script. I create the Task then test it on a set of test machines I keep around.

If I start to have real problems, I switch to testing on VMs in VM Workstation so I can easily reset them.


I have exit code 1 associated with directory not found or command not found.